Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
765
Views
3
Helpful
2
Replies

Dhcp issue

Go to solution
Muhammad ALTAF
Level 1
Level 1

‎08-21-2023 05:31 AM

We are currently experiencing an issue with our network setup that involves the DHCP server, Palo Alto firewall, core switch, and access switches.

Our DHCP server is connected to the Palo Alto firewall, followed by our core switch and access switches. The problem arises with VLAN-503, where the gateway is located in the firewall. However, in the core switch, there is no SVI configured for VLAN 503. As a result, clients are unable to obtain IP addresses within this setup.

Strangely, when we manually configure the SVI for VLAN 503 on the core switch, clients are then able to successfully receive IPs from the DHCP server.

Need support.

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP

‎08-21-2023 05:54 AM

Hi @Muhammad ALTAF 

 The problem is probably related to DHCP relay. When you setup the SVI on the core, you are probably configuring the helper-address pointing to the DHCP server and the traffic is passing through the firewall via unicast. 

When you remove the SVI on the Core and move it to the firewall, the DHCP request is sent via broadcast from Core vlan to the Firewall.  Then, the firewall must have the "heper-address" on its interface. If the firewall does not support this feature, it will not work and you need to keep in on the core.

 

View solution in original post

2 Replies 2

Go to solution
Flavio Miranda
VIP
VIP

‎08-21-2023 05:54 AM

Hi @Muhammad ALTAF 

 The problem is probably related to DHCP relay. When you setup the SVI on the core, you are probably configuring the helper-address pointing to the DHCP server and the traffic is passing through the firewall via unicast. 

When you remove the SVI on the Core and move it to the firewall, the DHCP request is sent via broadcast from Core vlan to the Firewall.  Then, the firewall must have the "heper-address" on its interface. If the firewall does not support this feature, it will not work and you need to keep in on the core.

 

Go to solution
M02@rt37
VIP
VIP

‎08-21-2023 06:06 AM - edited ‎08-21-2023 06:06 AM

Hello @Muhammad ALTAF,

On the vl503 Gateway on your Palo Alto, add dhcp relay pointing your DHCP Server IP address. 

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card